Add csrf_header() and csrf_meta() helper functions

Author: michalsn

system/Common.php

@@ -723,6 +723,25 @@ function csrf_token(): string
 
 //--------------------------------------------------------------------
 
+if (! function_exists('csrf_header'))
+{
+	/**
+	 * Returns the CSRF header name.
+	 * Can be used in Views by adding it to the meta tag
+	 * or used in javascript to define a header name when using APIs.
+	 *
+	 * @return string
+	 */
+	function csrf_header(): string
+	{
+		$config = config(App::class);
+
+		return $config->CSRFHeaderName;
+	}
+}
+
+//--------------------------------------------------------------------
+
 if (! function_exists('csrf_hash'))
 {
 	/**
@@ -759,6 +778,23 @@ function csrf_field(string $id = null): string
 
 //--------------------------------------------------------------------
 
+if (! function_exists('csrf_meta'))
+{
+	/**
+	 * Generates a meta tag for use within javascript calls.
+	 *
+	 * @param string|null $id
+	 *
+	 * @return string
+	 */
+	function csrf_meta(string $id = null): string
+	{
+		return '<meta' . (! empty($id) ? ' id="' . esc($id, 'attr') . '"' : '') . ' name="' . csrf_header() . '" content="' . csrf_hash() . '" />';
+	}
+}
+
+//--------------------------------------------------------------------
+
 if (! function_exists('force_https'))
 {
 	/**

tests/system/CommonFunctionsTest.php

@@ -251,6 +251,11 @@ public function testCSRFToken()
 		$this->assertEquals('csrf_test_name', csrf_token());
 	}
 
+	public function testCSRFHeader()
+	{
+		$this->assertEquals('X-CSRF-TOKEN', csrf_header());
+	}
+
 	public function testHash()
 	{
 		$this->assertEquals(32, strlen(csrf_hash()));
@@ -261,6 +266,11 @@ public function testCSRFField()
 		$this->assertContains('<input type="hidden" ', csrf_field());
 	}
 
+	public function testCSRFMeta()
+	{
+		$this->assertContains('<meta name="X-CSRF-TOKEN" ', csrf_meta());
+	}
+
 	// ------------------------------------------------------------------------
 
 	/**

user_guide_src/source/general/common_functions.rst

@@ -176,6 +176,13 @@ Miscellaneous Functions
 
 	Returns the name of the current CSRF token.
 
+.. php:function:: csrf_header ()
+
+	:returns: The name of the header for current CSRF token.
+	:rtype: string
+
+	The name of the header for current CSRF token.
+
 .. php:function:: csrf_hash ()
 
 	:returns: The current value of the CSRF hash.
@@ -192,6 +199,15 @@ Miscellaneous Functions
 
 		<input type="hidden" name="{csrf_token}" value="{csrf_hash}">
 
+.. php:function:: csrf_meta ()
+
+	:returns: A string with the HTML for meta tag with all required CSRF information.
+	:rtype: string
+
+	Returns a meta tag with the CSRF information already inserted:
+
+		<meta name="{csrf_header}" content="{csrf_hash}">
+
 .. php:function:: force_https ( $duration = 31536000 [, $request = null [, $response = null]] )
 
 	:param  int  $duration: The number of seconds browsers should convert links to this resource to HTTPS.